Tagged: #microsoft

Co-Authored By Josie Isaacson, Gonzaga University School of Law, J.D. 2015.

As the Internet has arguably become the main venue for global commerce, and as domain name registration becomes even more user-friendly, it comes as no surprise that trademark owners and right holders are facing an ever-increasing battle against foreign domain name infringement.

Facebook recently faced and effectively overcame this problem. A U.S. representative of the Ghana-based social networking website Ghana Nation, registered a similar domain to Facebook’s name (facebookghana.com). When Internet users accessed the website utilizing the domain, they were redirected to Ghana Nation’s website. After failed attempts to privately acquire the domain, Facebook filed a Uniform Domain Name Dispute Resolution Policy (UDRP) arbitration complaint against the registrant at the World Intellectual Property Organization’s (WIPO) Arbitration and Mediation Center.

In this UDRP arbitration proceeding (Facebook Inc. v Host, Case No. D2015-1057 (WIPO Aug. 14, 2015), Facebook provided conclusive evidence of their rights to the domain name and that bad faith use of the domain occurred. This included: (a) evidence of the well-known recognition of the FACEBOOK trademark around the world; (b) registration of the FACEBOOK trademark in multiple countries, including the United States, the European Union and Ghana; (c) evidence of the ownership of several Facebook-related domains across multiple top-level domains (e.g., facebook.biz and facebook.org) and multiple top-level country extensions (e.g., facebook.us and facebook.eu); (d) evidence that the registrant had no affiliation with Facebook; and (e) evidence showing that the registrant used the domain to take Internet users to a competing social media platform. Based on this evidence, the WIPO Administrative Panel warranted a transfer of the domain from the registrant to Facebook.

As Facebook’s recent cross-border domain name dispute illustrates, trademark owners or rights holders need to take important measures to protect themselves against foreign domain name infringement. However, before digging into what steps they can take to protect themselves against such acts, it is important to first understand how domain infringement occurs and the available enforcement tools to protecting trademarks from foreign domain name infringement.

How Does Domain Name Infringement Occur?

Unlike other forms of trademark infringement, domain name infringement, whether in a domestic or foreign context, occurs in three specific ways: cyber-squatting, typo-squatting, and domain name confusion.

Cyber-Squatting

Cyber-squatting is where a person or entity registers a domain of a famous or already existing trademark before the actual trademark owner or rights holder is able to register that particular domain. The registrant (squatter) does this usually in an attempt to sell the domain (or extort) t0 the trademark owner when the owner eventually wants to use or acquire rights to the domain, or when the squatter’s use of the domain leads to divergent Internet traffic towards the squatter’s domain website. The British Broadcasting Corporation (BBC) faced foreign-based cyber-squatting in 2000, when a U.S. entity who had a history of buying up confusingly similar domains to known company names and brands (e.g. www.chasevisa.com and www.yahow.com) registered the domain www.bbcnews.com before the BBC had the chance to acquire the domain.

BBC brought a WIPO UDRP proceeding against the registrant that same year (British Broad. Corp. v. Data Art Corp., Case No. D2000-0683, WIPO Sept. 20, 2000). Despite the fact that BBC did not register the domain first, BBC’s extensive worldwide use of the BBC NEWS trademark for decades firmly established BBC’s trademark rights to BBC NEWS. Further, the fact that the registrant purchased the domain long after BBC had been using the BBC NEWS mark worldwide, and as the registrant had a history of purchasing domains that were confusingly similar to well-known trademarks, the WIPO Administrative Panel was able to establish that the registrant had no legitimate interest to the domain, granting its transfer to BBC.

Typo-Squatting

Typo-squatting is where a registrant registers a very similar or misspelled version of a famous or already existing trademark, preying on the common mistakes Internet users make when typing a domain name address. Microsoft has combatted foreign typo-squatters multiple times, including their 2004 WIPO UDRP proceeding against a U.K.-based squatter over the domain micorosft.com (Microsoft Corp. v. Macafee, Case No. D2004-0027, WIPO Mar. 1, 2004). As in Facebook and BBC’s proceedings, Microsoft was able to establish their rights to the MICROSOFT trademark through trademark registrations in multiple countries, domain name registrations including MICROSOFT across multiple top-level domains, and the registrant’s history of registering confusingly similar domains similar to existing brands. As such, Microsoft prevailed over the domain registrant and won rights to the domain name.

Domain Name Confusion

Domain name confusion can occur when two entities have the same name or when a parody site registers a famous mark as a domain name before the actual famous person or entity can register it. Although not cross-border focused, a good example of such confusion is the U.S. case of People for the Ethical Treatment of Animals, Inc. (PETA) v. Doughney, 113 F. Supp. 2d 915 (E.D. Va. 2000), where the actual PETA organization brought suit against a parodist registrant who operated the website “People Eating Tasty Animals.” The registrant lost on parody grounds, and the domain was transferred to PETA, because the PETA trademark was used in the domain name and the parodist page did not simultaneously appear to Internet users–meaning Internet users would be confused between the domain names of PETA and parodist.

How Do You Combat Foreign Domain Name Infringement?

Now that you know how domain name infringement occurs, it is important to now look at what steps a trademark owner can take to prevent such acts.

Pre-Litigation Enforcement

Prior to taking more formal resolution procedures, such as initiating a UDRP arbitration or legal proceeding, a trademark owner can send a simple demand letter to prompt a domain registrant to transfer a similar or confusing domain to the trademark owner. A formal settlement agreement can help to ensure the transfer of a domain to the business or trademark owner if the registrant consents to the transfer. However, if the registrant refuses to transfer the domain, the trademark owner would need to proceed with more formal domain name dispute resolutions, as provided below.

UDRP Arbitration

The UDRP is the main dispute settlement tool to combat foreign domain name infringers by facilitating a streamlined, multi-jurisdictional, and often less expensive dispute resolution process. It was adopted by the Internet Corporation for Assigned Names and Numbers (ICANN; a non-profit corporation that manages the Internet’s domain name system), as a way to simplify domain name disputes, by creating one set of rules that every domain registrant must follow. UDRP arbitration can be sought by a trademark owner or rights holder through WIPO’s Arbitration and Mediation Center (as shown in cases above) or the National Arbitration Forum. The benefits of the UDRP are that it offers a speedier and cheaper option to obtain dispute resolution over a domain, through streamlined evidentiary and procedural processes, with the flexibility of allowing a trademark owner or rights holder to seek enforcement through national legal systems.

However, the UDRP has potential downsides as well. The only remedy available from a UDRP proceeding is either the transfer or cancellation of the disputed domain name, disallowing the recovery of damages. Further, as a UDRP panel does not have to follow strict precedent and has a relatively less-defined evidentiary standard, the UDRP arguably has more unpredictable outcomes than litigation. Lastly, as the parties to a UDRP proceeding can always seek litigation, a UDRP arbitration proceeding may be a non-permanent dispute resolution measure.

So if you choose a UDRP proceeding, what must a trademark owner or rights holder prove to have an infringing domain name transferred or cancelled? According to URDP Rule 3(b)(ix), a successful UDRP complaint must establish three primary elements including that:

The registrant’s domain name is identical or confusingly similar to a trademark or service mark in which the trademark owner has rights;

The registrant’s has no rights or legitimate interests in respect of the domain name; and

The registrant’s domain name has been registered and is being used in bad faith.

While these elements seem straightforward, trademark owners and rights holders should work with a qualified attorney to evaluate the merits of their case prior to initiating a UDRP proceeding.

Litigation

The final alternative in combatting domain name infringement is litigation. The upsides to litigation include the availability of damage recovery and formal precedent and procedural rules of evidence. The downsides are increased legal costs, longer proceedings, and often jurisdictional issues, especially for cross-border domain disputes. Like UDRP proceedings, trademark owners and rights holders should work with a qualified attorney to evaluate the merits of their case prior to initiating a legal proceeding.

How Do You Prevent Foreign Domain Name Trademark Infringement?

Before seeking these identified enforcement procedures, there are a number of measures a right holder can take to ensure favorable outcomes to any foreign domain name dispute. These include trademark prosecution, domain name registration, and domain name monitoring.

Trademark Prosecution

The most important way to prevent foreign domain name trademark infringement is to first acquire trademark rights to the domain name in question. Regardless of the country, trademark registration (aka prosecution) is the most effective way to establish trademark rights as it grants the greatest amount of rights possible to a trademark under a country’s laws, and a presumption of exclusive ownership to a trademark in that country. While it is impossible to know what country (or countries) a potential infringing domain registrant will be located, a trademark owner wishing to prevent foreign domain name trademark infringement should consider trademark prosecution in the countries they offer their goods and services. Beyond a prudent means to protect trademark rights, proof of prior trademark registrations in multiple countries strengthens any domain name infringement case against a domain registrant. As in Facebook’s UDRP action, Facebook was able to establish its rights to the facebookghana.com domain based on its prior trademark registrations for FACEBOOK in Ghana and the United States, where the registrant and their principal was based, as well as other major markets such as the E.U. As with any means of trademark protection, trademark prosecution is an essential protection tool.

Register Domains Early and For All Variations

Registering a trademark as a domain early, including in any popular top-level and country designations, can help to eliminate foreign domain name infringement. In Facebook’s dispute above, early registration of the Facebook trademark in various top-level domains and multiple country designations helped to show that consumers would be confused as to a false connection between Facebook and the infringing domain facebookghana.com. Registering domain names early and across popular top-level and country designations establishes priority in the use of the domain names and starts the growth of an online user base accessing the domains.

In addition to registering domains with the exact trademark, it is also good to consider registering domain names with similar misspellings. Such as with Microsoft, typo-squatters will prey on consumers who incorrectly type a company name like Micorosft. Microsoft’s registering misspelled versions of their name may have prevented their 2004 domain dispute from ever happening.

Domain Name Monitoring

As trademark monitoring services help to detect general trademark infringers, domain monitoring services can help to catch infringing domain registrants. Several service providers offer domain monitoring services, constantly searching for confusing and similar domain name registrations in addition to providing alerts to changes in ownership to specific domains. Such monitoring can help to detect domestic and foreign domain name trademark infringement, as well as help trademark owners strategize the acquisition of domains.

What’s the Takeaway?

In the end, robust trademark prosecution, domain registration, and domain monitoring can help to reduce foreign domain name infringement. If a trademark owner or rights holder does confront a infringing registrant, swift action should be taken to protect trademark interests, including pre-action enforcement, and possible UDRP arbitration or legal action if needed. While most trademark owners do not have Facebook’s resources to fight foreign domain name trademark infringement, most owners can take prudent measures to prevail against foreign domain infringement if the correct steps are taken to secure and enforce domain name and trademark registrations worldwide.

On March 17th, the U.S. Attorney’s Office filed charges in U.S. Federal Court (Western District Washington) against Russian national Alex A. Kibkalo for stealing trade secrets from software giant Microsoft under The 1996 Economic Espionage Act (18 U.S.C. § 1832). Although U.S. v. Kibkalo (14-mj-00114) has yet to be ruled on, and despite involving a large multi-national business like Microsoft, this case highlights several cross-border trade secret protection issues all internationally-focused businesses should consider.

Facts. To understand these trade secret protection issues, it is important to first understand the alleged facts of this case. According to the U.S. Attorney’s Complaint, Kibkalo was a Microsoft employee, working as software architect in Microsoft’s Lebanon office. He allegedly signed a non-disclosure agreement (“NDA”) at the beginning of his employment.

Between July and August 2012, Mr. Kibkalo allegedly established a virtual machine on a computer server at Microsoft’s Redmond, Washington headquarters to upload unreleased versions of Microsoft’s software updates and a software development kit (collectively, “Content”) to his personal cloud storage account. The Content was secured on Microsoft’s internal system by Microsoft’s internal security program that included limited facility and electronic system access points, facility monitoring, and unique identifying signature technology to track downloaded proprietary information from the internal system. Those who accessed content on Microsoft’s internal electronic system were also required to accept Microsoft’s terms of service that included warnings concerning the proprietary nature of content on the internal system as well as reminders to Microsoft employees and others of their non-disclosure obligations pertaining to proprietary information on the system.

Once Mr. Kibkalo allegedly downloaded the Content, he allegedly transmitted links to the Content to a French technology blogger whose actual geographic location was unknown. Microsoft became aware of alleged transmission through an outside source who was contacted by the blogger about the Content. Microsoft subsequently monitored the blogger’s communication through the blogger’s Microsoft Windows Live Messenger account. An examination of the blogger’s Messenger communications and emails allegedly verified the transmission and unique identifiers in the Content.

Lessons To Be Learned. Although this fact pattern is by no means novel, it does reveal cross-border trade secret protection issues all companies should consider in order to ensure their trade secrets are protected under U.S. and foreign trade secret laws.

So what protection issues need to be considered?

Worker Protection Measures. Kibkalo emphasizes that establishing trade secret protections through contractual provisions with contractors and employees is essential for businesses to protect their proprietary information, both at home and abroad. Under U.S. law (18 U.S.C. § 1839(3)) and international legal standards (Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) – Art. 39.2(c)), businesses who wish for their proprietary information to qualify for trade secret protection must take “reasonable” measures to protect such information from public disclosure. Often, this requires that a business have their employees, contractors or any other person to whom they disclose the business’ proprietary information sign a NDA (or similar agreement) prohibiting such persons from disclosing the proprietary information to others.See MAI Sys. Corp. v. Peak Computer, Inc., 991 F.2d 511, 521 (9th Cir. 1993).

Assuming Microsoft had an effective NDA executed with Mr. Kibkalo under U.S. law, Microsoft would likely be in a position to enforce trade secret protections in the Content under U.S. law.

Any business, regardless of its geographical location or the location of its employees or contractors, can also take similar protective measures.

Internal Security Measures. This case also highlights that international businesses need to establish internal security measures in order to effectively protect their proprietary information. Electronic and facility security measures, such as access restrictions, surveillance mechanisms have been found to be reasonable protection measures to help businesses qualify for trade secret protection. See U.S. v. Chung, 659 F.3d 815, 825 (9th Cir. 2011). As Microsoft attests to maintaining similar security measures, such measures would likely help Microsoft to obtain trade secret protection for its Content.

It goes without saying that not all businesses can afford the same level of security protections as multinational businesses like Microsoft. Yet, simple and relatively inexpensive security measures such as password protections, locking of files and computer equipment, as well as posting confidential notices on proprietary information can effectively help any business to better qualify for trade secret protection, both in the U.S. and abroad.

Online Monitoring Measures. Lastly, this case highlights the importance of online surveillance and tracking measures that businesses should consider acquiring to protect their proprietary information throughout the globe. Although generally not required to obtain trade secret protection under U.S. and/or foreign laws, the monitoring of suspected persons or entities who may be misappropriating trade secrets (*provided they are done so in compliance with applicable laws and regulations), as well as tracking software, are both effective tools to identify and prevent trade secret misappropriation. Microsoft would not have been able to determine that Mr. Kibalko had allegedly stolen the Content in the U.S. and allegedly transmitted it to the blogger outside of the U.S. without its unique identifier technology.

Granted, not all businesses have the same circumstances that allowed Microsoft to find out about the blogger and Mr. Kibalko’s alleged activities (e.g., outside sources, access to Messenger and email accounts, etc.), nor the available funds to conduct Microsoft’s extensive online surveillance activities. Yet, there are many (legal) monitoring services, investigating agencies, and identifying software products on the market that can help businesses better monitor misappropriating conduct both at home and abroad.

What’s The Takeaway? It remains to be seen how U.S. v. Kibkalo will be decided. However, this ongoing case shows that all internationally-focused businesses can develop sound practices and procedures to ensure their proprietary information is protected throughout the world. By establishing effective worker protection measures, internal security measures, as well as online monitoring measures, businesses can better protect their trade secrets from being misappropriated both at home and abroad.